Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
The-generalist
Participant
Jump to solution

Migrate to 10Gb interface

Hi, 

I'm about to move a Checkpoint 15k cluster from the current 1Gb interfaces to new 10Gb interfaces.

There are clans created on the 1Gb interfaces and I have to remove those and create the same vlan interfaces on the new 10Gb interfaces.

Have anyone done this before? 

What steps are included in this change?

2 Solutions

Accepted Solutions
Maarten_Sjouw
Champion
Champion

Easiest is this way, there will be a minor glitch on failover nr 1:

  • copy the interface lines from show configuration interface and adjust inthe following way:
    • on the old interface issuing delete interface eth1-03 vlan 25 will delete vlan 25 and all the config from it.
    • add the vlan's to the new interface by adjusting the old commands setting the correct interface
    • Copy and adjust the set interface ipv4-address commands
    • double check those commands make sure to also copy and adjust the set interface state on commands
  • on standby member run cphastop to disable clustering
  • paste the delete vlan commands
  • paste the add vlan and set IP address commands
  • now update the interfaces of the backup member in the cluster object, the member interfaces are set in the Advanced tab of the cluster interface configuration
  • push policy
  • run cphastart on the backup member
  • flip the cluster over to the backup member ( this could give a dip in the connections
  • now repeat the above steps for the other member

Good luck and be aware to plan this in a maintenance window, easier to tell everyone this will caus 15 minutes downtime and be done in 1 minute than the other way around.

Regards, Maarten

View solution in original post

(1)
HeikoAnkenbrand
Champion Champion
Champion

Or a quick and dirty hack:

1) Change the PCI bus ID's and the interfaces in the following file

/etc/udev/rules.d/00-OS-XX.rules

Now replace the 1 GB Interfaces with the 10 GB Interfaces.

2)  Reboot the appliance

Attention!
You make sure that the file is adjusted during the next update for example from R77.30 to R80.20.

 

 

 

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

7 Replies
Maarten_Sjouw
Champion
Champion

Easiest is this way, there will be a minor glitch on failover nr 1:

  • copy the interface lines from show configuration interface and adjust inthe following way:
    • on the old interface issuing delete interface eth1-03 vlan 25 will delete vlan 25 and all the config from it.
    • add the vlan's to the new interface by adjusting the old commands setting the correct interface
    • Copy and adjust the set interface ipv4-address commands
    • double check those commands make sure to also copy and adjust the set interface state on commands
  • on standby member run cphastop to disable clustering
  • paste the delete vlan commands
  • paste the add vlan and set IP address commands
  • now update the interfaces of the backup member in the cluster object, the member interfaces are set in the Advanced tab of the cluster interface configuration
  • push policy
  • run cphastart on the backup member
  • flip the cluster over to the backup member ( this could give a dip in the connections
  • now repeat the above steps for the other member

Good luck and be aware to plan this in a maintenance window, easier to tell everyone this will caus 15 minutes downtime and be done in 1 minute than the other way around.

Regards, Maarten
(1)
The-generalist
Participant

That is awesome! 

A big thanks to you 🙂

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Or a quick and dirty hack:

1) Change the PCI bus ID's and the interfaces in the following file

/etc/udev/rules.d/00-OS-XX.rules

Now replace the 1 GB Interfaces with the 10 GB Interfaces.

2)  Reboot the appliance

Attention!
You make sure that the file is adjusted during the next update for example from R77.30 to R80.20.

 

 

 

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion

Please note that performance tuning is necessary for a 10 GBit/s interface.

For example multi-queueing and other tuning options.

More see here:

R80.x Performance Tuning Tip – Multi Queue


Regards

Heiko

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
The-generalist
Participant

Thanks for your answer!

So you mean that after switching interfaces I need to tune GAIA for 10Gb?

We're currently on R77.30 but we're soon going to upgrade to R80.20.

abihsot__
Advisor

Sorry for bringing up the old thread. First of all, how was the migration?

I wanted to clarify why would you expect a dip in connections? Is clusterXL should not handle such situation?

0 Kudos
carbonblack
Explorer

Is a very simple solution to edit the file:

/etc/udev/rules.d/00-OS-XX.rules

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events